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(57) Abstract 

A method of encoding a magnetic strip card and a card 
reader terminal there for validation of information during an 
electronic transaction is disclosed which involve generating a 
unique card key unrelated to any information recorded on the 
card. The card key is recorded in a secure data base along with 
other details including a PIN and also encrypted on the card. 
During a transaction the card key is used to encrypt certain 
transaction data which is transmitted to the secured data base 
in order to verify the transaction against the stored data. 
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Security System for EFT using Magnetic Strip Cards 
Introduction 

The present invention relates to the security, reliability and 
practicability of electronic transactions involving the use of magnetic strip 

5 cards and Personal Identification Numbers. 
Background of the invention 

There are over one billion magnetic strip cards which are used as the 
basis of debit and credit financial transactions. These cards are being 
increasingly used in association with Personal Identification Numbers (PINs), 

10 Typically these PINs are encrypted, in Electronic Funds Transfer (EFT) 
terminals using symmetric algorithms such as that specified in the Data 
Encryption Standard (DES). While much effort has gone into formulating 
security measures within these terminals experience has shown that the 
greatest security risk is associated with the computers which control the 

15 operation of these terminals. A fundamental property of algorithms such as the 
DES is that it is impossible to prove that a copy of the encryption key which 
has been used to encrypt the PIN and is under the control of the computer 
systems operator has not been obtained by some third party. Thus with 
current practice the magnetic strip image and the PIN can be recovered from 

20 the terminal transmission and the attacker is in a position to derive benefit 
from the card holders account until the funds are exhausted or a fraud is 
detected. Further frauds can be committed because these systems are forced 
to allow manual entry of card numbers as a result of the poor quality and 
reliability of magnetic strip encoding. 

25 A further limitation of magnetic strip technology is the amount of 

information which can be encoded on the card particularly given the limitations 
imposed by the International Standards Organisation (ISO). 

Yet another limitation of current practice is that PINs can not be safely 
stored in computer systems since the means to decrypt them into clear text is 

30 also usually present. This leads to a situation where all PIN driven 
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t hp transmitted to a computer system which has the means 
transactions must be transmittea 10 k neceS sitv 
of verifying the PIN validity in real time. Such computers must of necessrty 

holders as a result of unreliable communications links. 

The problem c, card auction is also serious in that da* encoded 
a ™,n be readily generated from data transmitted to the 

- - ~* ° f * e physira ' rard ' s,nce " 

generated from the data contained in a previous transacts 

Summary of the Invention 

Wording to a firs, aspect, the present invention provides a method o, 
1B encoding a magnetic strip card to enable validation o, the card by ar, ,s-g 
organisation during an e,e*onic transaction, me method compnsmg me steps 



10 



of. 



(a) generating a unioue card key tor me magnetic strip card prior to 
issue, which is no, readily derived from any Cher data recorded on me 



20 card, 



(b) recording me card Key on me magnetic strip o, me respective 
card prior to issuing me card to a client, AtM 
,c) recording the card key with card details in a secure database. 
According to a second aspect the present invention cons,sts ,n a 
25 memodT o^ing a magnetic s«p card to enable validation o, me car y 
I ssuin, organisation dur* 9 an electronic transaction, me method 

"^st*. - » * - — -* r t to 

issue, which ,s independent o. any data visibly recorded on me card. 
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(b) generating a Personal Identification Number (PIN) associated with 
the card, 

(c) recording the card key on the magnetic strip of the respective card 
prior to issuing the card and PIN to a client, 

5 (d) recording the card key and PIN with card details in a secure 

database. 

According to a third aspect, the present invention provides a method of 
validation of a magnetic strip card during an electronic transaction wherein 
data stored on the magnetic strip card is read by a transaction terminal 
10 following which the terminal transmits a transaction message including card 
details and transaction details to an issuing organisation which issued the 
card, either directly or via intermediate processors, where a card key forming 
part of the stored data read from the card was recorded in a secure database 
at the time of card issue, the method comprising the steps of:- 
15 (a) the transaction terminal encrypting a part or all of the transaction 

message using the card key read from the card, the encryption being 
performed with a one way function, 

(b) the transaction terminal transmitting to the issuing organisation 
the transaction message, including encripted and non-encripted data, 

20 the non encripted data including a subset of the card details read from 

the card, the subset being sufficient to uniquely identify the card, and 
wherein the subset does not include the card key, 

(c) the issuing organisation, after receiving the transmission of the 
transaction message, identifying the card and recalling the card key for 

25 that card from its records, and examining the encripted data using the 

card key and the one way function to verify that the transaction is valid. 
In one embodiment, not involving use of a PIN verification is performed 
by de-cripting the encripted card details and comparing the de-encripted 
details with un-encripted card details or with card details held in the secure 
30 database, while in an alternative embodiment, verification is performed by 
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details of the transaction message. 

,n ye, a luhher alternative, venation is performed by *«™ *" 
en^ipted data and examining unio,e transaction details for va,, y The 
Zue paction details may include a unique transaction ,denUf,e, or a 

Ta preferred embodiment me secure database includes a customer 
Persona, identi^on Number (PM) known ,o ,he card holder. ,he en<*P ed 
d ,7 J le transaction messa fl e inciudes the P,N and me venf^on 
ZL reeling *. P« .cm the records o, the issuing or g an,sat,on and 
comparing the encripted PIN with the recalled PIN. 

,„ the preferred embodiment the encrypted P,N is de.ncryp.ed to 
perform the comparison, however, it is a,so possib,e to encn,, f^ecalied 
P,N and compare this with the enoypted PtN from *e transact term nal. 

W y, the faction details remitted by the transacts termrna 
t0 gluing body - inc,ude fhe value a — 

number and a code identifying the transaction .ermtnal. In a fmanaal 
SLa - — n value wii, be th. «nan«al vaiue - * M»- £ 

„r transactions the va ue will have another 
D however, in other types of transacts, in 

relationship wrth the transaction data. 

ln a preferred embodiment a, least one specie oeta,l of ea* 
7- • „«d as a second key when encrypting the PIN. The specrfic 

the proposed transmission format wnn p« iu 

!1 image ma, would have con,ained the card key is replaced by the product 
7. lection containing a, leas, one specif, detai, o, the 
JL Z card key Thus, cards which are manufactured from intercepted traffic 
30 -scan me source of ,he data used ,o manufacfure 
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them. This protection is afforded to card images and transactions with and 
without the use of a PIN. 

The at least one specific detail used to encode the PIN will preferably 
be the transaction value. In further embodiments of the invention, details 
5 provided by the transaction terminal are also used to encrypt the PIN. These 
further encryption key data may be, for example, a transaction sequence 
number generated by the terminal and/or a terminal identification code. 

According to a fourth aspect, the present invention provides a method 
of encoding data on a magnetic strip card including the steps of formulating an 
10 encoding table containing n codes randomly ordered by an index, breaking 
the data to be encoded into groups of m bits, recursively dividing the value of 
each m bit group by (n-k), where k is a small odd value, successively using , 
the remainder of each division as an index value to select a code from the 
encoding table, and encoding the selected code as the next character on the 

15 magnetic strip card. 

In the preferred embodiment, the encoding table has 43 randomly 
ordered codes (i.e. n= 43), the data is grouped into 16 bit groups (i.e. m = 16), 
each group being limited to having a maximum possible value of 64,000 arid 
the groups are recursively divided by 40 (i.e., n-3). In embodiments in which 
20 the 16 bit groups have a maximum value of 65,535, the groups are recursively 
divided by 42 (i.e., n-1). 

According to a fifth aspect, the present invention provides a magnetic 
strip card reading terminal including: 

(a) magnetic strip card reading means to read card data including a 
25 card key from a magnetic strip on a magnetic strip card, 

(b) transaction detail input means to enable a set of transaction data to 
be entered into the terminal, 

(c) encryption means arranged to encrypt a subset of the card data or 
transaction data using the card key as the encoding key in a one way 

30 function. 
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m transmission means arranged ,o directiy or Indirect,, transmit me 
encrypted data and other un-encripted card end transaction deta.ls to 
an issuing organisation who issued the card. 

h a preferred embodiment the transaction detail input means includes 
a data entry means which enables a Persona, .den.ifica.ion Number (PIN) to 
be entered and a card holder PIN is transmitted with the card deta,ls. 
Brief Description of the Drawings 

An embodiment of the invention will now be described with reference to 
the accompanying drawings in which:- 

Figure 1 shows an example of a track data layout o, a magnet.c stnp 
debit card, indicating the discretionary data bio* which is redefined ,n 
embodiments of the present invention to provide space for the card Key and 

other required data; u .«h,. 
Figure. 2 schematically illustrates an electronic funds transfer network. 



15 and 



Figure 3 schematically lllus.ra.es the components of an electronic 
funds .ransfer .ermine, which are used for da.a encryption in an embodiment 

of the invention; and 

Figure. 4 shows the character set for encoding information on hack 1 . 

20 Detailed Description of Embodiments 

Referring to Figure 2, an Bedronic Funds Transfer (EFT) m-cbon ,s 
usually initiated from a retai, transaction terminal 11 which is connected to a 
conning computer 12 of the issuing bank via a network 13 including a 
2* oomputer operating as a card in.er-ne.work swKch 14. The transacts 
* iTna, 11 wi,i generally be conneCed .o .he ne«work 13 via .he Acc,u,nng 
Zrcompu.er 1 6 which wii, in .urn be connected to me card internetwork 
^nch 14 either directly or via the computers of Cher intermedia e 
organisations 16. Simiiariy me card internetwork switch 14 is connected to 
the computer o, the issuing bank 12 either directly or via the computers o, 
30 intermediate organisations 1 7 . 
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Components of the electronic funds transfer (EFT) terminal which forms 
part of the network of figure 2 are shown in more detail in Figure 3. The 
terminal includes a card reader 21 which reads the magnetic strip 26 of a card 
27 to obtain a unique card key which is not visibly represented on the card. 
5 The terminal also includes a PIN entry keyboard 22, a terminal date 
generating circuit 23, an encryption means 24 and a network communications 
interface 25. The PIN entry keyboard 22 may also be used for transaction 
detail entry, or the transaction details may alternatively be transmitted via a 
communications channel from a cash register or other point of sale terminal 
10 device. The terminal data generating circuit 23 is preferably arranged to 
provide a unique terminal identifying number and a transaction serial number 
for that terminal. By concatenating these numbers a unique identifying 
number for the transaction may be obtained. The encryption means 24 
receives data from the card reader 21, the PIN entry keyboard 22, including 
15 the transaction details if these have been keyed in, and the terminal data 
generating circuit 23 and encrypts some details of the transaction which may 
include card data, transaction data and the PIN using one of the methods as 
hereinafter described. It should be noted that not all transactions involve the 
use of a PIN, however the present invention is equally effective in protecting 
20 the integrity of a card used in these transactions. The encrypted PIN and/or 
other terminal and transaction details are then transmitted to the issuing bank 
12 by the communications interface 25 and the network of figure 2. 

Turning now to Figure 1 embodiments of the present invention use the 
discretionary data encoded on track 1 of a magnetic strip card in a novel way 
25 to improve the reliability of recovery of the card data and, when coupled with 
complementary processing in the EFT terminal, protects the PIN on a end to 
end basis (that is between the transaction terminal and the card issuer), as 
well as providing for end to end card authentication. Preferred embodiments 
also incorporate an intermediate form of PIN verification which we have 
30 termed PIN Credibility Checking (PCC). Thus the reliability and security of 
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transactions may be improved without the need to repiace the encoding 
technology employed to encode over one billion ousting magnetic strip cards. 
The scheme is totally consistent with the standards for card encodmg 
published by the International Standards Organisation. The preferred 
embodiment of tha invenUon utilises encoding methods which are as dose as 
practical to the theoretical maximum methods which could be employed. 

The scheme involves the provision of a software program which allows 
an issuing bank to encode cards under the control o, a number of enavption 
and encoding Keys which are unique to the issuer Identification Number (IIN)^ 
, The result of this is an individual encryption key (Card Key CK) for each card 
which is derived from this key. All such keys may be held secret by the bank 
that encoded and issued the card except that some encoding informafon w,ll 
be made available to those manufacturers who are constructing terminals to 
support the scheme. 

5 The encoded Card Key (CK) which is stored in an encoded form wrthm 

me track 1 discretionary data (refer to Figure 1) is used as the basis of a key 
to first encrypt the PtN. The Card Key is combined with transaction vanab.es 
such as amount of the transaction to produce a unique P.N key for th,s 
transaction. The Card Key is no. transmitted by the termina, to me controlling 

2 0 computer system. Thus bom me encrypUon of the PIN and 

the card is protected from a compromised computer system connected to the 

transaction terminals. 

The encoding scheme which utilises radix 43 and 40 arithmet.c and a 
number of 43 character value tables provides for far more information than 
25 that currentiy availabie on the card. The encoding tables themselves 
represent a form of encryption with a long length key. 

Different encoding tables are used for different fields within the card 
and access to the encoding information is restricted to those who have a 
legitimate need to know their values. 
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CARD KEY 

A problem with any terminal key management scheme used to protect 
PINs and generate Message Authentication Codes (MACs) is that a terminal is 
a finite state machine. Thus if the information process within the terminal is 
5 known and ali the data which is input to the process is known then the result is 
known. If the information process is symmetric as in the case of the Data 
Encryption Standard (DES) then the input to the process can be determined 
by those who have access to the terminal information. 

Thus any person who has a copy of the information contained within 
10 the terminal can determine the clear text value of the PIN from the terminal 
transmission if all the input data is transmitted from the terminal. Embodiments 
of the present invention use an encoded Card Key (CK) which is used to first 
encrypt the PIN. This Card Key (CK) is not transmitted by the terminal to the 
computer. Thus the PIN is encrypted using a key which is only known to those 
15 who encoded the card or had access to it without this protection feature and 
have knowledge of the encoding scheme tables and the terminal processing 
scheme and the value of the data transmitted from the terminal. The Card Key 
(CK) is unique for each card and may be derived from a master key and the 
Primary Account Number (PAN) using a cryptographic one way function. The 
20 master key will typically be unique for each range of PANs which belong to a 
card issuer identification number (UN). 

Further the card key is replaced in the card image transmitted from the 
terminal with a value unique to the transaction combined with the card key 
using a one way function thus preventing undetected reuse of the card image 
25 transmitted from any terminal. 

FORWARD ERROR CORRECTING CODE 

Magnetic Strip cards have up to a 6% failure rate. Any effective security 
system to prevent simple card fabrication and copying will rely on encoded 
information and thus will preclude the manual keying of Primary Account 
30 Numbers (PANS) for unreadable cards. 
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nrio has been encoded using a different packing 
An error correcting code has been enou » 

m« ♦hp card kev Thus error correction may be 
scheme from that used to encode the card key. 

rnHp Tvoically the field will include a 16 bit Cyclic 
small Error Correcting Code, lypicany 

T check code and a error correcting code which applies to the 
Redundancy Che^code is approP riate for use in dual 

Cyclic ^ e be made P : f tne redundancy of the information 

10 track terminals where use can De me»u 

recorded on both tracks of the card. 

result : :,l * . — . ~ — — ^rit r : 

« .„ M tho partial PIN Remainder (PPK). mc rrr% ^ 
generate or verify the complete PIN value. 

CARD I S^SSl is also encoded ,o provide company - 

Correcting (FEC) code and Partial PW finder (PPR). 

• ^ unencoded layout of the discretionary data on track 1. 

used to — *;^o S en ^ are not cuoently used in no™, 
Three values have * (o ^ „. absence of . FEC 

industry pract.ee. Two of the values ^ in accordance 
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Verification Key Index (PVKI) in current industry practice. The PVKI and its 
associated field the PIN Verification Value PW are also encoded in 
accordance with the scheme described below. 

The value $ is used to indicate the presence of the PVKI PW CW FEC 

5 PPR and CK. 

Values 0-9 indicate non-packed format 
Values A-Z are available for use for other formats. 
The values ),(, $ are used by the following formats and were chosen 
'because they are not currently in use. 
10 DATA FIELD LAYOUT 

The data is encoded in separate fields. The fields are encoded in the 
order Format Code (FC) PVKI and PW CW PPR FEC and CK. 

The scheme provides for an 8 bit PPR value a 24 bit FEC value' and a 
64 bit CK value. The currently used values of the PVKI PW and CW are 
15 supported by the encoding scheme. 
THE ENCODING SCHEME 

The value to be encoded is first divided into groups of 16 bits. Each 16 
bit value is recursively divided by the value 40 or 42 depending on the 
maximum value of the field content and the available field size. Each 
20 successive remainder is used as an index to select a character value from the 
encoding table associated with that field. The selected character is encoded 
on the card. The value 40 is preferred where possible in the interests of 
speedy implementation in low power central processing units (CPUs). Each 
encoding table contains all 43 possible values of a character without special 
25 meaning which may be encoded on track 1. The character set used on track 1 
is shown in figure 3. 
FORMAT "$" 

Allows for Partial PIN Remainder (PPR), error correcting code and a 
card Key as well as currently employed fields such as PVKI PW and CW. 
30 PARTIAL PIN REMAINDER - 8 BITS 



PCT/ATJ95/00329 

WO 95/34042 

12 

The Partial PIN Remainder tor 6 or 6 + digi. P.Ns Is ft. value 
PPR . ((^2x3^3*5^4*7^11^3) REM Z ♦ .) XOR PK 
. a«er d^slon .n*n end XOR lndlca.es 

r, a Kinarv addition without carry), 
the exclusive or function (i.e., binary aaara 

Z and I are allocated as the following valid pairs. 
Z=127, 1=128 

10 z = 31 • 1=96 

Z=23 , 1=73 

«c e« R7 rr 69 70 71 72 indicate that there is no partial 
PPR values 64,65,66,67,68,69,70,/ 1,/* 

PIN but that the PIN length is 4,5,6, etc digits. 
□dd wail ies 0-63 are reserved. 
15 A nonzero le may be assigned ,c ft. value PK to further .mprove 

the security of the scheme. 

ERROR CORRECTING CODE- 24 BITS ^ 
A24 bllfle ,dls - 
20 based on data on data such as the PAN ^ 

=rjsrjs-:-— - - 

image and do not require access to other mapping teb.es. 

FORMAT T .. . orissuere ^ «ish to encode 8 decimal digits of 

26 This format provdes .or «uw ^ 

numeric data in * • « ^ bu. WITHOUT a CW. The 

2 for discrefconery date v*a S ^ ^ ^ ^ ^ 

encoding scheme » based on successive 
has been sp.i. into two 16 bit values a«er by d,v,s,on by 65536 (2 
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maximum value available is 4,294,959,999, but in practice will preferably be 
restricted to a maximum value of 99,999,999. 

No provision has been made for encoding separators. 
FORMAT "J" 

5 The ")'* format provides for those who wish to encode alpha numeric 

discretionary data on track 1 and hence will be different to that encoded on 
track 2. All 43 allowed track 1 characters are possible. 
CARD KEY - 64 BITS 

The Card Key is a key unique to the card and is used with transaction 

10 variable data such as the amount of the transaction and terminal identification 
number to generate a unique PIN key which is used to encrypt the PIN prior to 
any other form of encryption. This prevents attacks based on recording the 
encrypted PIN block and utilising the encrypted information as the basis for a 
new fraudulent transaction. 

15 The key can be derived from a double length key per Issuer 

Identification Number (UN). This process involves encryption of the Primary 
Account Number (PAN) with the first key associated with the UN (KM)' 
decryption of the result with the second key (KI2) and then re-encryption of the 
result of that calculation with the first key (KI1). 

20 Thus a copy of the keys KI1 and K12 can be conveyed to a central card 

organisation to allow stand-in PIN verification or conversion to existing PIN 
encryption or retained by the issuer to provide end-to-end protection. In any 
case the method affords protection from compromised acquirer and retailer 
systems when an appropriate terminal is used. 
25 ENCODING TABLES 

Each encoding table (J-N) consists of two parts. 

The first part is a table of 43 7 bit character values including parity. 
Each table contains these characters in a randomly chosen order each of 
which is one of the 43 valid characters allowed on track 1 . A-Z, 0-9, SP, $, (, 
30 ),.,/&- 
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. _ - - . — rrrrr. 

corresponding parity removed character 

5 — MM 

~ t, " TZ- - - fl e is used per - « 

1 images from any point in the network can no, be use, lor 

La^he basis of «— on,, available to the - — 
(cl the card image is protected from alterat,on; 
S it is almost Impossible to produce cards from data con.a,ned ,n 
receiots and other transaction related information; 
T Z o, magnetic strip cards used in conjunct with 

LcelusLg embodiments - the mention is great, improved thrcgh 

1 forward debit transact processing and i mediate ,erm,na, based 

P,N credibility checking; ^cion based networks 

{h) a low cost method of securing card transaction 

v^hich is compatible with existing networks; 
26 , s prov,ded which .scomp ovided ^.hou, resort to 

(I) a feasible key management strategy is v> 
^oniralised kev management centers; 

7 a ! risk incremental indent to existing networks . 
provided. 
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It will be appreciated by persons skilled in the art that numerous 
variations and/or modifications may be made to the invention as shown in the 
specific embodiments without departing from the spirit or scope of the 
invention as broadly described. The present embodiments are, therefore, to 
5 be considered in all respects as illustrative and not restrictive. 
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f^ m etnod of encoding a magnetic S t ri p cart to enable vacation 
card by an issuing organisation during an electronic transaction, the method 

comprising the steps of.- ' 

(a, generating a unique card Key tor me magnetic stnp card pnor o 
issue, which is no. readily derived from any other data recorded on me 

csrd 

<b) recording the card key on the magnetic strip of me respective card 
prior to issuing me card to a client, 

(c) recording the card Key with card details in a secure database. 
2 . The method of claim 1, wherein the card Key is encrypted before t ,s 

recorded on the card. 

3 The method of claim 1, wherein the card Key is generated as a functon 
of an issuer identification number and a Primary Account Number. 
T The method o, daim 1, wherein me issuer identification number 
comprises two Key values and the card Key is generated by encryptrnfl me 
Tmary Account .umber wim a fl rs, of the issuer ,den.if,ca. ion n^ber 
values decrypting the result with me second Key value of me issuer 
Ide—'unL and men re.ncryp.ing me second result w«h the Arst 

20 r ' A ^od of encoding a magnetic strip card to enable validation of the 
card by an issuing organisation during an electronic transaction, me method 

"~7£ST-*» - »> - - ** rard pri : to 

issue, which is independent of any data visibly recorded onthe card, 
,b) generating a Persona, Identification Number (P.N) assocated w,th 

S HLb *. — « •» ma9ne,i ° *** of * e respec,lve 

prior to issuing me card and PIN to a client, 



10 

3. 
ol 

15 4 
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(d) recording the card key and PIN with card details in a secure 
database. 

6. The method of claim 5, wherein the card key is encrypted before it is 

recorded on the card. 
5 7. The methud of claim 5, wherein the card key is generated as a function 
of an issuer identification number and a Primary Account Number. 

8. The method of claim 5, wherein the. issuer identification number 
comprises two key values and the card key is generated by encrypting the 
Primary Account Number with a first of the issuer identification number key 

10 values, decrypting the result with the second key value of the issuer 
identification number and then re-encrypting the second result with the first 
said key value. 

9. A method of validation of a magnetic strip card during an electronic 
transaction wherein data stored on the magnetic strip card is read by: a 

15 transaction terminal following which the terminal transmits a transaction 
message including card details and transaction details to an issuing 
organisation which issued the card, either directly or via intermediate 
processors, where a card key forming part of the stored data read from jihe 
card was recorded in a secure database at the time of card issue, the method 

20 comprising the steps of:- 

(a) the transaction terminal encrypting a part or all of the transaction 
message using the card key read from the card, the encryption being 
performed with a one way function, 

(b) the transaction terminal transmitting to the issuing organisation the 
transaction message, including encripted and non-encripted data, the 
non encripted dataincluding a subset of the card details read from the 
card, the subset being sufficient to uniquely identify the card, and 
wherein the subset does not include the card key, 

(c) the issuing organisation, after receiving the transmission of the 
transaction message, identifying the card and recalling the card key for 



25 



30 
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W card .rem its records, and examining the encripted data using .he 
card key and the one way function to verify that the transaction . valid. 
m The method of Cairn 9. wherein verification is performed by examine 
encrioted card details for validity. 
5 The method o, Cairn 10, wherein verification is performed by de-cr^g 

5 me encr^ted card de.ai,s and compart the de.ncri P ,ed de,a, s -h un- 
enchpted card details or with card details held in the secure database. 
2 The method of Cairn 10, wherein version is performed by encnp ^ 
unscripted card details or card details held in the secure database and 

10 these «*- - - - — - - 

transaction message. 

13 The me<hod of Calm 9, wherein verification is performed^ de 
enenpting the encripted data and examining u.ic,ue transact™ deta„s 

1B it^The method of Cairn 13, wherein the unique transaction details include 
a unioue transaction identifier, or a time stamp. .,.,„. 

The n—d o, Calm 9, wherein me secure database ^ inc udes a 
lomer Persona, .dentin Number (P.N, fcnownto thwart hC*r. « 
enenpted data o, the — r^ssage ,nCu e^ JN-^ 
20 verification comprises recalling the PIN from 

cganlsation and comparing the encripted P,N with the recalled , HR 
1B The method of claim 15, wherein me PIN companson ,s performed by 
ae.roypting the PIN from me transact terminal and companng t^e- 
encrypted PIN w«h me P.N recalled from me records of the issuing 

erupting the PIN recalled from the records of the issuing °^™"" 
comparing me en.yp.ed recailed PIN with the encryp.ed PIN received from 
the transaction terminal. 
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18. The method of claim 15, wherein the transaction details transmitted by 
the transaction terminal to the issuing body include the transaction value, a 
transaction serial number and a code identifying the transaction terminal: 

19. The method of claim 15, wherein the transaction is a financial 
5 transaction, and the transaction value is the financial value of the transaction. 

20. The method of claim 15, wherein at least one specific detail of each 
transaction is used as a further key when encrypting the PIN. 

21 . The method of claim 20, wherein the specific detail is one of the details 
transmitted to the issuing body and the issuing body uses the further key with 

10 the card key to perform the PIN comparison. 

22. The method of claim 21 , wherein the at least one specific detail used to 
encode the PIN is the transaction value. 

23. The method of claim 15, wherein details provided by the transaction 
terminal are also used as further encryption key data to encrypt the PIN. 

15 24. The method of claim 23, wherein the further encryption key data is a 
transaction sequence number or time stamp generated by the terminal. 

25. The method of claim 23, wherein the further encryption key data is a 
terminal identification number. 

26. A method of encoding data on a magnetic strip card including the steps 
20 of formulating an encoding table containing n codes randomly ordered by an 

index, breaking the data to be encoded into groups of m bits, recursively 
dividing the value of each m bit group by (n-k), where k is a small odd value, 
successively using the remainder of each division as an index value to select 
a code from the encoding table, and encoding the selected code as the next 
25 character on the magnetic strip card. 

27. The method of claim 26, wherein the encoding table has 43 randomly 
ordered codes (i.e. n= 43). 

28. The method of claim 27, wherein the data is grouped into 16 bit groups 
(i.e. m = 16), each group being limited to having a maximum possible value of 

30 64,000 and the groups being recursively divided by 40 (i.e., n-3). 
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29 The method of claim 27, therein me data is grouped into 16 bit groups 
Z., mlTs, each group being limited .o a maximum vaiue of 65,535,and the 
groups being recursively divided by 42 (i.e., n-1). 

30 A magnetic strip card reading terminal including: 

. (a, magnetic strip card reading means to read card data ,nc,ud,ng a 

card key from a magnetic strip on a magnetic strip card 

( b) transaction detail input means to enable a se, of transaction data to 
be entered into the terminal 

(c) encryption means arranged to encrypt a subset of me card data or 
UL data using the card Key as the encoding key in a one way 

^ Transmission means arranged to directly o, — ^ 
Inched data and other unscripted card and transacUon details to 
an issuing organisation who issued the card. 
15 31. Z magnetic strip card terrrtna, o, Cairn 30, wherein the 

detail input means includes a communication input for rece,v,n 8 data from 

cash register of point of sale terminal. 

32 The magnetic strip card reading terminal o, claim 30, where,n the 
transaction detail input means includes a data entry means. 
20 T The magna* strip card reading termina, of daim 32, whera,n «h dam 
fnt. al provides a Persona, .dentition Number «P.N) entry M« 

a o holder PIN is transmitted with the card deta.ls. 

rrrTr- of claim 30, , Urt her inciuding 
Lain numler generating means for generating a 

for each transaction and wherein the encryption means uses the transact.cn 
for each trans ^ ^ ^ sena , 

30 serial number as a farmer Key wi 
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number being transmitted to the issuing organisation with the encrypted data 
and transaction details. 

37. The magnetic strip card terminal of claim 30, wherein the transaction 
details include a transaction value and the encryption means uses the 

5 transaction value as a further encription key. 

38. The magnetic strip card terminal of claim 30, wherein the encryption 
means uses a terminal identification number as a further encription. 
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FIGURE 1 
TRACK 1 ENCODING 
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